Vulnerabilities > Saltstack > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-02-17 CVE-2021-33226 Classic Buffer Overflow vulnerability in Saltstack Salt
Buffer Overflow vulnerability in Saltstack v.3003 and before allows attacker to execute arbitrary code via the func variable in salt/salt/modules/status.py file.
network
low complexity
saltstack CWE-120
critical
 9.8
9.8
2021-02-27 CVE-2021-3197 Injection vulnerability in multiple products
An issue was discovered in SaltStack Salt before 3002.5.
network
low complexity
saltstack fedoraproject debian CWE-74
critical
 9.8
9.8
2021-02-27 CVE-2021-3148 Command Injection vulnerability in multiple products
An issue was discovered in SaltStack Salt before 3002.5.
network
low complexity
saltstack fedoraproject debian CWE-77
critical
 9.8
9.8
2021-02-27 CVE-2021-3144 Insufficient Session Expiration vulnerability in multiple products
In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration.
network
low complexity
saltstack fedoraproject debian CWE-613
critical
 9.1
9.1
2021-02-27 CVE-2021-25283 Code Injection vulnerability in multiple products
An issue was discovered in through SaltStack Salt before 3002.5.
network
low complexity
saltstack fedoraproject debian CWE-94
critical
 9.8
9.8
2021-02-27 CVE-2021-25282 Path Traversal vulnerability in multiple products
An issue was discovered in through SaltStack Salt before 3002.5.
network
low complexity
saltstack fedoraproject debian CWE-22
critical
 9.1
9.1
2021-02-27 CVE-2021-25281 Improper Authentication vulnerability in multiple products
An issue was discovered in through SaltStack Salt before 3002.5.
network
low complexity
saltstack fedoraproject debian CWE-287
critical
 9.8
9.8
2020-11-06 CVE-2020-25592 Improper Authentication vulnerability in multiple products
In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens.
network
low complexity
saltstack debian CWE-287
critical
 9.8
9.8
2020-11-06 CVE-2020-16846 OS Command Injection vulnerability in multiple products
An issue was discovered in SaltStack Salt through 3002.
network
low complexity
saltstack debian fedoraproject CWE-78
critical
 9.8
9.8
2020-04-30 CVE-2020-11651 An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2.
network
low complexity
saltstack opensuse debian canonical vmware
critical
 9.8
9.8